Saturday, March 29, 2008

Leopard security breached due to Safari vulnerability at CanSecWest

a new security breach has been discovered in OS X Safari, a hacker named Charlie Miller has hacked into a macbook air in under 2 minutes and read a file in the contest PWN2OWN in the security conference CanSecWest that is held in Canada (partially sponsored by Microsoft and Google).

the happy hacker beside getting the recognition he deserve, he also get to keep the computers he successfully hacked (in addition to the 10,000$ reward), he was the one that hacked into the iPhone first at last years security summit, and he also talked about it in the CanSecWest.

what is the exact security
you can read all about it anywhere, here is a NYTimes Link, and here is another link,

i think that if he succeeded under 2 minutes then he came prepared from home, and it got me thinking, who the hell will spend a great hack like that on a vista or linux that runs on PC its worth more to hack a mac especially a macbook air.

the security threat or hack method is not publicized yet, the security expert miller was signed by TippingPoint for his discovery and did not publish the hack method.

i was very disappointed to hear that old crappy vista wasn't the first to fall, and leopard that does everything right got busted probably due to rapid development and extreme speed of releases on safari behalf, we have seen many versions of safari in the past month alone,
its good for us as consumers but bad for bugs, security threats, and apples reputation.

of course that the Microsoft lovers laughing their @ss off but its like a leper laughing at a guy with a zit so that reminded me this youTube video (very funny).

Vista however got hacked at the last day of the contest by Shane Macaulay, with the help of Derek Callaway, the fujitsu laptop and vista got hacked due to a Java security workaround, the box contained Microsoft latest SP1.
the sole remaining undefeted box was Sony Vaio with Linux.

hope this is the last blow apple will take for Microsoft (probably not),

Enjoy (well i at least try to).

No comments:

the menu is from: Milonic DHTML menus